1. Field of the Invention
The present invention relates generally to an improved data processing system and in particular to a method and apparatus for integrating repository data. Still more particularly, the present invention relates to a computer implemented method, data processing system, and computer program product to permit an application to use secondary repositories to supplement data from a security-focused repository or a party-focused repository as may be done by combining properties of a security-focused object with a party-focused object.
2. Description of the Related Art
Most software applications require some mechanism to administer access control with respect to the information used by people and programs. For example, a manager for a department may be associated with data and applications that permit him to see his own employees' salaries and not the salaries of others. Organizations that use these applications employ a variety of schemas or models for representing and storing information about an entity to manage access to their data. An entity comprises persons, sub-organizations, groups, and roles. A particular representation of information about these entities is an organization model.
Depending on the nature of the applications requiring the access control, and the types of applications accessing the entities, the representation of the information about the entities can be very different between organization models. For example, an application for managing security of corporate information usually requires the objects holding entity information to be security-focused, while another application supporting business services requires the objects to be party-focused. In the case of a security application, the properties associated with the object refer to personal information such as name, title, address, login identification, and authorization and denial codes that are specific to a person. Although a record or object for an entity includes aspects concerning names and titles, some objects may be created for the exclusive use of a program for automatic execution. To the extent that properties of name and title are used, such properties provide a reference as to whom to contact in case the program encounters an anomalous condition. Consequently, a security-focused application has both objects that are associated with a person and objects that are associated with a program.
On the other hand, a business application or party-focused application requires a different set of properties for the entity or object. For an application that is party-focused, it is the role, rather than the person, that forms the basis of how the application operates. Thus, for example, a person operating under the role of a manager accesses the application. The application identifies the current role, for example, manager, thus providing access according to the authorized role only, and denying access to unauthorized persons. On the other hand, the same person may later access the application as an architect. The application then limits the person's access based on his role as architect. Party-focused applications like to see a party “wearing the hat” of the role that the party plays. For example, when a party-focused application accesses Janette the Architect, the application wants to see Janette and characteristics about Janette as an Architect, and such characteristics may or may not be security-related at all.
Developers have developed models for representing various types of entities to meet increasingly specific requirements of an organization's software applications. Some of these representation models have found large enough acceptance to become standardized. Examples of standardized representation models for security-focused models are Lightweight Directory Access Protocol (LDAP), X.500 Directory, and Distributed Management Task Force's (DMTF) Common Information Management (CIM) specification. Examples of representation models of party-focused models include Object Management Group's Party Management Facility and the Customer Profile Exchange found at http://www.cpexchange.org. Client Information Integration Solution (CIIS), a product of International Business Machines Corporation of Armonk, N.Y., is one such example. Party-focused properties that do not fit into the security-focused model are frequently stored in repositories separate from the security-focused repository.
An organization model becomes unmanageable and fragmented as applications are added to an organization's infrastructure. Security-focused models may represent data in one repository and party-focused models may represent data in a separate repository. Further, different applications using essentially the same type of entity models may have nuances that may result in further addition of custom repositories, essentially duplicating or fragmenting the entity data. There are serious overlaps among the security-focused representation models, party-focused representation models, custom representation models, and the vendor-specific models. Nonetheless, integration of such party-focused repositories with security-focused repositories has only been achieved in the context of virtual directories and federated databases.